Professional Documents
Culture Documents
Chapter 24
Chapter 24
Management Oversight
Risk Tree Analysis
24.1 INTRODUCTION
Management oversight and risk tree (MORT) is an analysis technique for identifying
safety-related oversights, errors, and/or omissions that lead to the occurrence of a
mishap. MORT is primarily a reactive analysis tool for accident/mishap investi-
gation, but it can also be used for the proactive evaluation and control of hazards.
MORT analysis is used to trace out and identify all of the causal factors leading
to a mishap or undesired event.
The MORT analysis utilizes the logic tree structure and rules of fault tree analysis
(FTA), with the incorporation of some new symbols. This means that MORT can be
used to generate risk probability calculations such as FTA. MORT analysis provides
decision points in a safety program evaluation where design or program change is
needed. MORT attempts to combine design safety with management safety.
24.2 BACKGROUND
This analysis technique falls under the system design hazard analysis type (SD-HAT).
Refer to Chapter 3 for a description of the analysis types. A smaller and less complex
form of MORT has been developed that is referred to as mini-MORT.
The MORT technique is a root cause analysis tool that provides a systematic
methodology for planning, organizing, and conducting a detailed and comprehen-
sive mishap investigation. It is used to identify those specific design control
423
424 MANAGEMENT OVERSIGHT RISK TREE ANALYSIS
measures and management system factors that are less than adequate (LTA) and
need to be corrected to prevent the reoccurrence of the mishap or prevent the unde-
sired event. The primary focus of MORT is on oversights, errors, and/or omissions
and to determine what failed in the management system.
The MORT analysis is applicable to all types of systems and equipment, with
analysis coverage given to systems, subsystems, procedures, environment, and
human error. The primary application of MORT is in mishap investigation to ident-
ify all of the root causal factors and to ensure that corrective action is adequate.
The MORT analysis is capable of producing detailed analyses of root causes
leading to an undesired event or mishap. By meticulously and logically tracking
energy flows within and out of a system, MORT analysis compels a thorough
analysis for each specific energy type. The degree of thoroughness depends on the
self-discipline and ability of the analyst to track logically the flows and barriers in
the system.
The analyst can master MORT analysis with appropriate training. The analyst
must have the ability to understand energy flow concepts, for which at least a
rudimentary knowledge of the behaviors of each of the basic energy types is necess-
ary. Ability to logically identify energy sources and track flows in systems is an
essential skill. Ability to visualize energy releases or energy exchange or transform-
ation effects is another helpful skill. Since MORT analysis is based on an extended
form of FTA, the FTA technique itself could be used as a replacement for MORT
analysis. A condensed version of MORT, called mini-MORT, could also be used.
Use of MORT is not recommended for the general system safety program since it
is complex, time consuming, unwieldy in size, and difficult to understand. Other
hazard analysis techniques are available that provide results more effectively.
MORT could be used for mishap investigation, but FTA is more easily understood
and just as effective.
24.3 HISTORY
The MORT analysis technique was developed circa 1970 by W. G. Johnson of the
Aerojet Nuclear Company. The development work was sponsored by the Energy
Research and Development Administration (Department of Energy, formerly the
Atomic Energy Commission) at the Idaho National Engineering Laboratory
(INEL). MORT analysis is predicated upon hazardous energy flows and safety
barriers mitigating these flows.
24.4 THEORY
The theory behind MORT analysis is fairly simple and straightforward. The analyst
starts with a predefined MORT graphical tree that was developed by the original
MORT developers. The analyst works through this predefined tree, comparing the
management and operations structure of his or her program to the ideal MORT
24.6 WORKSHEET 425
structure, and develops a MORT diagram modeling the program or project. MORT
and FTA logic and symbols are used to build the program MORT diagram. The
predefined tree consists of 1500 basic events, 100 generic problem areas, and a
large number of judging criteria. This diagram can be obtained from The MORT
User’s Manual [1].
The concept emphasizes energy-related hazards in the system design and the
management structure. MORT analysis is based on energy transfer and barriers to
prevent or mitigate mishaps. Consideration is given to management structure,
system design, potential human error, and environmental factors.
Common terminology used in MORT analysis charts includes the following
acronyms:
The generic MORT diagram has many redundancies in it due to the philosophy that
it is better to ask a question twice rather than fail to ask it at all.
The MORT analysis is based on the following definitions:
Accepted or assumed risk Very specific risk that has been identified, analyzed,
quantified to the maximum practical degree, and accepted by the appropriate
level of management after proper thought and evaluation. Losses from assumed
risks are normally those associated with earthquakes, tornadoes, hurricanes, and
other acts of nature.
Amelioration Postaccident actions such as medical services, fire fighting, rescue
efforts, and public relations.
24.5 METHODOLOGY
Table 24.1 shows an overview of the basic MORT analysis process and summarizes
the important steps and relationships involved. This process consists of utilizing
design information and known hazardous energy source information to verify
complete safety coverage and control of hazards.
24.6 WORKSHEET
The MORT analysis worksheet is essentially a slightly modified fault tree with some
added symbols and color coding. All of the symbols, rules, and logic of FTA
426 MANAGEMENT OVERSIGHT RISK TREE ANALYSIS
(see Chapter 11 on FTA) apply to MORT analysis. New symbols added specifically
for MORT are shown in Figure 24.1. Events on the MORT diagram are color coded
according to the criteria in Table 24.2.
The MORT analysis is essentially an FTA that asks what oversights and omis-
sions could have occurred to cause the undesired event or mishap and why in
terms of the management system. In some ways, MORT analysis is like using the
basic MORT diagram as a checklist to ensure everything pertinent is considered.
Figure 24.2 shows the top level of the ideal MORT analysis from the MORT
User’s Manual. Figure 24.3 expands the S branch of the MORT shown in
Figure 24.2. Figure 24.4 expands the M branch of the MORT shown in Figure 24.2.
Figure 24.5 expands the 1 branch of the MORT shown in Figure 24.3. Figure 24.6
expands the 2 branch of the MORT shown in Figure 24.5.
24.7 ADVANTAGES AND DISADVANTAGES 427
Mishap or
Undesired Event
What Why
S M
Specific Control
Factors LTA
S
Harmful Energy Flow Barriers and Persons or Objects Events & Energy
Controls LTA In Energy Channel Flows Leading to
or Env. Condition Accident
1
Specific Control
Factors LTA
M
Barriers and
Controls LTA
1
Controls Barriers
LTA LTA
1. Though simple in concept, the process is labor intensive and requires signifi-
cant training.
2. Is limited by the ability of the analyst to identify all the hazardous energy
sources.
3. Tree size can become too large for effective comprehension by the novice.
Barriers
LTA
2
a3 a3 a3 a3
D/N
None Barrier Use
Possible Failed
R4
Task Performance
D/N Errors
Provide
R5
24.9 SUMMARY
This chapter discussed the MORT hazard analysis technique. The following are
basic principles that help summarize the discussion in this chapter:
REFERENCE
1. N. W. Knox, and R. W. Eicher, MORT User’s Manual, SSDC-4 (Revision 2), U.S. Dept. of
Energy, Idaho Falls, ID, 1983.
BIBLIOGRAPHY
Clark, J. L. The Management Oversight and Risk Tree (MORT)—A New System Safety
Program, Proceedings of the 2nd International System Safety Conference, 1975,
pp. 334 – 350.
Johnson, W. G., MORT, the Management Oversight and Risk Tree, U.S. Atomic Energy
Commission, SAN-821-2, U.S. Government Printing Office, Washington DC, 1973.
Johnson, W. G., MORT Safety Assurance Systems, Marcel Dekker, New York, 1980.
Stephenson, J., System Safety 2000: A Practical Guide for Planning, Managing, and Conduct-
ing System Safety Programs, Wiley, New York, 1991, pp. 218 – 255.